
STIC Search Report

EIC 2100



USPTO 



STIC Database Tracking Number: * 1 172|1 



TO: Kambiz Zand 
Location: 4C10 
Art Unit : 2132 
Thursday, March 25, 2004

Case Serial Number: 09/621432 



Search Notes 



From: Geoffrey St. Leger 
Location: EIC 2100 
PK2-4B30 
Phone: 308-7800 

geoffrey.stleger@uspto.gov



Dear Examiner Zand, 

Attached please find the results of your search request for application 09/621432. I searched Dialog's foreign
patent files, product announcement files and general files. 

Please let me know if you have any questions. 

Regards 




Search and Information Resources Administration



File 347:JAPIO Nov 1976-2003/Nov (Updated 040308) 

(c) 2004 JPO & JAPIO 
File 350:Derwent WPIX 1963-2004/UD,UM &UP=200419

(c) 2004 Thomson Derwent
File 348:EUROPEAN PATENTS 1978-2004/Mar W02

(c) 2004 European Patent Office 
File 349: PCT FULLTEXT 1979-2002/UB=20040318, UT=20040311 

(c) 2004 WIPO/Univentio 

Set Items Description 

S1 36 AU=OFFER G?

S2 2 S1 AND CODE? ?(10N)SERVER? ?



2/5/1 (Item 1 from file: 350) 

DIALOG (R) File 350:Derwent WPIX 

(c) 2004 Thomson Derwent . All rts. reserv. 

013700286 **Image available** 

WPI Acc No: 2001-184510/200119 

XRPX Acc No: N01-131666

Method of authentication for number of services for use in intelligent 
network facilitates access to number of services for user - involves 
comparing received authentication code with all authentication codes 
stored in authentication server , making connection to requested service 
if positive comparison result is achieved 

Patent Assignee: SIEMENS AG (SIEI )

Inventor: OFFER G 

Number of Countries: 025 Number of Patents: 002 
Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

EP 1081911 A2 20010307 EP 2000115779 A 20000721 200119 B 

DE 19934278 A1 20010405 DE 1034278 A 19990721 200121

Priority Applications (No Type Date) : DE 1034278 A 19990721 
Cited Patents: No-SR.Pub 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes
EP 1081911 A2 G 7 H04L-029/06

Designated States (Regional): AL AT BE CH CY DE DK ES FI FR GB GR IE IT
LI LT LU LV MC MK NL PT RO SE SI

DE 19934278 A1 H04L-009/32

Abstract (Basic) : EP 1081911 A 

The method involves calling up each service via service- and 
user-specific access authorisation stored in an authentication server 
(16). A number of user authentication codes are stored in the server 
. Each authentication code of the service- or user-specific access 
authorisation (s) is associated with a user. 

The authentication server performs authentication when a service is 
requested by comparing a received authentication code with all stored 
authentication codes and making a connection to the requested service 
(10-15) if a positive comparison result is achieved. 

USE - For use in intelligent network operating via computer or 
mobile telephones and performing banking services, money transfers 
using smart card etc. 

ADVANTAGE - Facilitates access to number of services for user. 

Dwg. 1/4 

Title Terms: METHOD; AUTHENTICITY; NUMBER; SERVICE; INTELLIGENCE; NETWORK; 
FACILITATE; ACCESS; NUMBER; SERVICE; USER; COMPARE; RECEIVE; AUTHENTICITY 
; CODE; AUTHENTICITY; CODE; STORAGE; AUTHENTICITY; SERVE; CONNECT; 
REQUEST; SERVICE; POSITIVE; COMPARE; RESULT; ACHIEVE 

Derwent Class: T01; T04; T05; W01

International Patent Class (Main): H04L-009/32; H04L-029/06
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(c) 2004 European Patent Office. All rts. reserv. 

01376347 

System and method for operating an interactive server in a cellular network
System und Verfahren zum Betrieb eines interaktiven Servers in einem zellularen Kommunikationsnetz
Systeme et methode pour faire fonctionner un serveur interactif dans un reseau cellulaire
PATENT ASSIGNEE: 

SIEMENS AKTIENGESELLSCHAFT, (200520), Wittelsbacherplatz 2, 80333 Munchen
, (DE), (Proprietor designated states: all) 



INVENTOR:

Offer, Gero, Albert-Schaff le r. 92, 70

PATENT (CC, No, Kind, Date):

EP 1170967 A1
EP 1170967 B1 031022



APPLICATION (CC, No, Date): EP 2000114333 000704; 
DESIGNATED STATES: DE; FI ; FR; GB 

EXTENDED DESIGNATED STATES: AL; LT; LV; MK; RO; SI 
INTERNATIONAL PATENT CLASS: H04Q-007/32 

CITED PATENTS (EP B) : EP 497203 A; EP 812120 A; WO 97/16938 A; WO 98/58506 
A; WO 99/37107 A; WO 99/67958 A 

ABSTRACT EP 1170967 Al (Translated) 

Telecommunications network has configuration query, response 
transmission arrangements for configuration requests, code responses, 
e.g. when terminal signs on to network, at defined times 

The network has a central server with a terminal software and hardware 
configuration query device and a response transmission arrangement that 
enable configuration requests and configuration code responses to be made
when a terminal signs on to the network or at defined times or at defined
intervals. Control devices distributed in the server and terminals
perform interactive control of the server transmission arrangement.

The network (GSM) has a number of user terminals (MS1,MS2), each with a
defined software and hardware configuration, and a central server (S) for 
an access or service provider with a terminal software and hardware 
configuration query device (3) and an arrangement (29) for loading 
software and/or data adapted to the detected software and hardware 
configuration onto the terminals. The terminals have corresponding 
transmission (5) and reception (31) arrangements. The query arrangement 
and a response transmission arrangement enable configuration requests and 
configuration code responses to be made when a terminal signs on to the 
network or at defined times or at defined intervals. Control devices 
(15-23) distributed in the server and terminals perform interactive 
control of the server transmission arrangement.

Independent claims are also included for the following: 

(1) a method of operating a telecommunications network. 

(2) a terminal for use in a telecommunications network. 
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SINGLE SIGN - ON SYSTEM AND METHOD FOR PORTABLE PHONE 



PUB. NO.: 2002-286139 [JP 2002288139 A]

PUBLISHED: October 04, 2002 (20021004)

INVENTOR(s): TAKAYANAGI TOMOMASA
KOBAYASHI KOICHI
KOTAKE TAKAHIRO
NISHIZAWA JUSABURO
SHIMADA KOSUKE
KASAI TOSHIHARU

APPLICANT(s): NOVELL JAPAN LTD
TEPCO SYSYTEMS CORP

APPL. NO.: 2001-093993 [JP 200193993]

FILED: March 28, 2001 (20010328)

INTL CLASS: G06F-015/00; H04Q-007/38; H04L-012/28



ABSTRACT 

PROBLEM TO BE SOLVED: To provide a system enabling single sign - on for
a portable phone.

SOLUTION: In the system, an authentication server 71 is interposed between
the portable phone 10 and a server 100 of a Web site and after performing
the personal identification of a user of the portable phone 10, and for a

log - on to the server 100 of the Web site designated by the portable 
phone the authentication server 71 executes entry of a user ID and 

password . For this, a user ID and password with which to log-in to a 
server of a plurality of sites is stored in a hard disk in a storage server 
81. 
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SINGLE SIGN - ON USED FOR NETWORK SYSTEM INCLUDING PLURAL INDIVIDUALLY 
CONTROLLED LIMITED ACCESS RESOURCES 



PUB. NO.: 2000-347994 [JP 2000347994 A] 

PUBLISHED: December 15, 2000 (20001215) 

INVENTOR(s): GAI GADEI
APPLICANT(s): SUN MICROSYST INC

APPL. NO.: 2000-121905 [JP 2000121905]

FILED: April 24, 2000 (20000424)
PRIORITY: 301642 [US 99301642], US (United States of America), April
28, 1999 (19990428)
INTL CLASS: G06F-015/00; G06F-013/00



ABSTRACT 

PROBLEM TO BE SOLVED: To provide a method and system by which a user is 
authenticated by means of a client server system so that only a single
master password is enough for the user to remember when the user signs
on many servers by using passwords different in each server.

SOLUTION: A client produces a set of server specific authentication
information for a 1st server from the master authentication information
stored by the client and the data on 1st server (200-212). Then the client
supplies the authentication information specific to the 1st server to the
1st server to access the limited resources which are controlled by the
1st server (214). The authentication information specific to the 1st server
is different from the master authentication information. Thus, a manager of
various servers never has the information with which another server can
access the account of a user.
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Single sign on user account management method for data 
processing, involves deleting resource name mapped to user identification 
from full resource list for choosing/storing new resource name including 
security data 

Patent Assignee: INT BUSINESS MACHINES CORP (IBMC )

Inventor: DINH H T; GILKEY J A; GOAL P M; LAKHDHIR M A; NADRENDRA R; TRAN K
Number of Countries: 001 Number of Patents: 001 
Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

US 20030195970 A1 20031016 US 2002121876 A 20020411 200382 B

Priority Applications (No Type Date): US 2002121876 A 20020411 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
US 20030195970 A1 15 G06F-015/16

Abstract (Basic) : US 20030195970 A1

NOVELTY - A user directory entry (116) with resource names mapped 
to user's single sign on (SSO) identifications (ID) is retrieved 
from a directory (108) comprising resource/user directory entries
(110,112). A full resource list from the directory is retrieved and the
resource names in mapped list (132) are deleted from full list. A new
user chosen resources name including security data are amended to store 
in directory. 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the 
following : 

(1) a directory enabled, self service, single sign on user 
account management system; and 

(2) a directory enabled, self service, single sign on user 
account managing program. 

USE - For managing directory enabled, self service, single sign 
on user account , used in data processing of international business 
machine (IBM) secure way policy director single sign on (SSO)
system.

ADVANTAGE - Allows users to perform self service in mapping 
resources credentials to SSO identification and also updating and 
deleting mappings. 

DESCRIPTION OF DRAWING (S) - The figure shows a schematic view of a 
single sign on mapping creating process. 

directory (108) 

resource directory entries (110) 
user directory entries (112,116) 
SSO user ID (120) 
SSO password (122) 
mapped resource list (132) 
pp: 15 DwgNo 1/A 

Title Terms: SINGLE; SIGN; USER; ACCOUNT; MANAGEMENT; METHOD; DATA; PROCESS
; DELETE; RESOURCE; NAME; MAP; USER; IDENTIFY; FULL; RESOURCE; LIST;
CHOICE; STORAGE; NEW; RESOURCE; NAME; SECURE; DATA
Derwent Class: T01

International Patent Class (Main) : G06F-015/16
File Segment: EPI 
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WPI Acc No: 2003-745715/200370 

XRPX Acc No: N03-597413 

Single sign on computer system for large enterprise, denies access 
to receiving web server if extracted user identification does not match 
prestored ID variable or if timestamp is greater than specified seconds

Patent Assignee: TAIWAN SEMICONDUCTOR MFG CO LTD (TASE-N)

Inventor: LIU S

Number of Countries: 001 Number of Patents: 001
Patent Family:

Patent No Kind Date Applicat No Kind Date Week

US 20030158945 A1 20030821 US 200279747 A 20020219 200370 B

Priority Applications (No Type Date) : US 200279747 A 20020219 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
US 20030158945 A1 10 G06F-015/16

Abstract (Basic): US 20030158945 A1

NOVELTY - An account collaboration agent server (16) extracts user 
identification (ID) and timestamp from session variable index of 
sending web server (18), when log-on request is sent from sending
to receiving server. Access to receiving server is denied if
extracted user ID does not match prestored ID variable or if timestamp
is greater than 3 seconds.

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for
method of using single sign on computer system.

USE - For users of large enterprise networks and customers to 
login to a web site . Also for e-mail and word processing 
applications . 

ADVANTAGE - The single sign on system prevents a user's 
password from being explored when submitting the password using 
hyper text transfer protocol and protects a user's password from 
being cached or decoded. The system limits the number of passwords 
which a user is required to remember to gain access to a particular
application or program.

DESCRIPTION OF DRAWING (S) - The figure shows the block diagram of
the single sign on computer system.

single sign on computer system (10) 

client device (12) 

server network (14) 

account collaboration agent server (16) 
web server (18) 

target web-based application (20) 
database server (24) 
user profile (28) 
pp; 10 DwgNo 1/6 

Title Terms: SINGLE; SIGN; COMPUTER; SYSTEM; ACCESS; RECEIVE; WEB; SERVE;
EXTRACT; USER; IDENTIFY; MATCH; ID; VARIABLE; GREATER; SPECIFIED; SECOND

Derwent Class: T01
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Banking system for providing financial services to customer, allows 
customer to access host server or remote server through single login 
to either host or remote server 

Patent Assignee: GUDIPATI J (GUDI-I); ROSKO R J (ROSK-I) 

Inventor: GUDIPATI J; ROSKO R J 



Number of Countries: 001 Number of Patents: 001 
Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

US 20030101116 A1 20030529 US 2000591687 A 20000612 200356 B

US 2001994725 A 20011128 



Priority Applications (No Type Date): US 2001994725 A 20011128; US 

2000591687 A 20000612 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 

US 20030101116 A1 19 G06F-017/60 CIP of application US 2000591687

Abstract (Basic) : US 20030101116 A1

NOVELTY - Universal session manager (52) and validation module of
the banking system, allows the customers (20) to access host server or
remote server through single login to either the host or remote
server. The host server provides consolidated homepage giving all
accounts of customer and provides links to the active accounts.

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for
financial service accessing method.

USE - Banking system for providing banking services e.g. opening
and maintaining a checking account, applying for credit card or loan, 
paying bills, or accessing brokerage or financial planning services 

ADVANTAGE - The system enables a host service provider to replace 
or add remote services that a customer can access through the host 
service provider, without placing additional burden on customer to enter
a new user name and password . 

DESCRIPTION OF DRAWING (S) - The figure shows the schematic view of 
the banking system. 

customer (20) 

universal session manager (52) 
pp; 19 DwgNo 1/4 
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International Patent Class (Main) : G06F-017/60 
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Integrated business system based on Internet 

Patent Assignee: ICOLS INC (ICOL-N)

Inventor: HA T N; JANG G S; KIM H H; KIM I S; SHIN W G
Number of Countries: 001 Number of Patents: 001 
Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

KR 2003010031 A 20030205 KR 200144773 A 20010725 200339 B 

Priority Applications (No Type Date): KR 200144773 A 20010725 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
KR 2003010031 A 1 G06F-017/60 



Abstract (Basic): KR 2003010031 A

NOVELTY - An integrated business system based on the Internet is 
provided to set a right of businesses such as an electronic decision, a 
web mail, a notice board, a schedule management /community, an SMS (Short 
Message Service), a question, etc. and all businesses related thereto 
through a single - sign - on , supply a vertical community service 
of a company, and enable a user to access to each business function 
easily using a supplied private web browser. 

DETAILED DESCRIPTION - A user inputs a user ID and password 



through a client terminal, and accesses to an integrated business
system (S10). A web server of the integrated business system performs an
access right checking process with respect to the ID and password
transmitted from the client terminal (S20). If an access right of the
user is confirmed, the integrated business system makes the user select
and access a program process according to modules in one's private web
browser (S40). If the user selects a specific icon out of a group ware
menu of the private web browser for progressing a business, a
corresponding processing is progressed (S50-S59). For example, in the
case that the user clicks an electronic decision icon, a form for an
electronic decision is displayed on the private web browser. The user
: : ■ \s the form and activates a shared user address list on a space for
^: the upper deciding person name (S60), and designates a deciding
person in the activated address list information (S70).
pp; 1 DwgNo 1/10
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Method for providing reports for use in communication systems, uses an 
operational support system that allows access to communications 
products and services via a single sign on operation 

Patent Assignee: BUSCH E M (BUSC-I); LESKUSKI W J (LESK-I); TRIVEDI P A 
(TRIV-I); WORLDCOM INC (WORL-N)

Inventor: BUSCH E M; LESKUSKI W J; TRIVEDI P A

Number of Countries:
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Patent No Kind
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100 Number of Patents: 002
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Date
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Provisional application US 2001276953
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Abstract (Basic): WO 200275574 A1

NOVELTY - Network system includes a network (110) interconnecting 
users (120) and an operational support system (130). The operational 
support system includes a network interface, capable of granting access 
to the operational unit based on received user identifier and password
, and a report unit to which authorized user identifiers and passwords 
are passed for checking before access to the report unit is granted. 
DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the 
following : 

(a) A method for accessing a device in an operational support
system; (b) An operational support system; (c) A system for providing
reports.

USE - For use in communications systems, to provide access to 
communication products and services . 

ADVANTAGE - Using a single sign on technique eliminates the 
need for a user to login once to access the products and services 

offered by the operational support system and a second time to access 
the reporting capability.

DESCRIPTION OF DRAWING (S) - The figure illustrates an exemplary
in which the single login method for providing reports may
be implemented.

pp; 47 DwgNo 1/13
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Method for managing communication between distributed objects for 
synchronized computing in a network environment, uses client generated 
proxy objects as gateways between client local objects and remote objects 

Patent Assignee: ROUTE 101 (ROUT-N) ; NARAYAN S (NARA-I) 

Inventor: NARAYAN S 

Number of Countries: 097 Number of Patents: 003
Patent Family:

Patent No Kind Date Applicat No Kind Date Week

WO 200233540 A2 20020^25 WO 2001US32526 A 20011017 200239 B
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US 2001981189 A 20011016 
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Priority Applications (No Type Date) : US 2001981189 A 20011016; US 
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Abstract (Basic) : WO 200233540 A2 

NOVELTY - In a computing utility partitioned into remote and home 
compute sets, synchronized computing is supported by enabling a client 
to download an interface description and use it along with access 
policy data to generate one or more executable proxy objects. The proxy 
objects provide a gateway used to control access between the client and 
other objects according to the rules defined in the access policy data. 

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for a 
computer-readable medium carrying one or more sequences of instructions 
for managing communications between distributed objects. 

USE - For managing communication between distributed objects to 
enable synchronized computing in a network environment such as the
Internet.

ADVANTAGE - The synchronized computing model provides a pay per use 
model and a subscription model for the software buyer. For the software 
deployer it obviates the need for hardware capacity planning, provides 
clearly defined boundary of trust, permitting mobility of shareable 
data and hence communication with peers outside the boundary of trust 
in a secure manner and provides on demand increase of computational 
power. For a software developer it provides software reuse capability, 
dynamic binding with available services within a computing utility, 
specialist creation of the internet widget that comprises of all layers 
from User Interface to hardware and it makes it possible for developers 
to use virtual objects to program networked devices. For the hardware 
developer it provides a framework for creating networked devices that 
can be integrated into software applications with superior quality 
integration and a networked device operational framework. For a software
user it provides consolidation of trust and user data, improved
security for executing applications from dubious sources, infinitely
scalable computing utility, superior integration of hardware that is
part of the user's home compute set, secure single sign on with 
multiple internet services that have different usernames and 
passwords , ubiquitous access to computing, application and data 
resources and easy migration between computing utility providers. 

DESCRIPTION OF DRAWING (S) - The figure is a block diagram depicting 
the partitioning of a computing utility. 
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Remote service provider accessing method for Internet banking, involves 
transmitting retrieved data to remote service provider and directing user 
to it
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Abstract (Basic): WO 200197147 A1

NOVELTY - The user name and password are received from the user 
and the data for accessing a remote service provider is retrieved 
based on the received data. The retrieved data is transmitted to the 
remote service provider and the user is directed to it. 

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for 
remote service provider accessing system. 

USE - For accessing remote service provider through a single 
login to host service provider for Internet banking which include 
banking services such as opening and maintaining a checking account, 
applying for a credit card or loan, paying bills or accessing 
brokerage or financial planning services . Also for services that 
include Internet search engines, other web sites that offer membership
services, e-mail services, campaign advertising, etc. Also implemented
in other networked environments such as telephone network, satellite
communication network or any other system that provides information to the
user in networked fashion.

ADVANTAGE - Provides a specific time limit which a user can spend 
logged into the system. 

DESCRIPTION OF DRAWING (S) - The figure shows a schematic diagram of 
remote service provider accessing system. 
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Password managing method involves accessing respective target 
resources by using retrieved targets in conjunction with locally 
accessible logon information
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of Countries: 001 Number of Patents: 001
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Priority Applications (No Type Date): US 9870512 A 19980430 
Patent Details:
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Abstract (Basic): US 6243816 B1

NOVELTY - Each of a set of ID password pairs is associated to 
each of a set of one or more respective targets for each given user. 
The global accessible database is accessed to retrieve stored targets 
of given user, in response to a given event which is entry of a single
sign - on ID password. The retrieved targets are used in
conjunction with locally accessible logon information to access
respective target resources.



DETAILED DESCRIPTION - The targets of each given user are stored in 
a globally accessible database. INDEPENDENT CLAIMS are also included 
for the following:

(a) Personal key manager framework;

(b) Computer program product

USE - For managing password of user to access heterogeneous 
networks in computer enterprise environment. 

ADVANTAGE - Implements a single sign - on (SSO) mechanism that 
coordinates logons to local and remote resources in a computer 
enterprise with one ID and password . Allows users to sign-on to a 
client system one time entering one password . The SSO framework then 
signs on to other applications on the user's behalf. Enables efficient 
access to heterogeneous networks at reduced data. Has ease of use, 
secure authentication of users and logon coordination to multiple 
applications.

DESCRIPTION OF DRAWING (S) - The figure shows the block diagram of
: :;.-.^L ioiial components of the single sign - on mechanism,
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Single - sign - on based source accessing method for heterogeneous 
computer network, involves judging configuration parameters for each 
target resource during logon process based on which resources are 
accessed 

Patent Assignee: INT BUSINESS MACHINES CORP (IBMC ) 
Inventor: KAO I; MILMAN I M 

Number of Countries: 001 Number of Patents: 001 
Patent Family:

Patent No Kind Date Applicat No Kind Date Week

US 6275944 B1 20010814 US 9870511 A 19980430 200155 B

Priority Applications (No Type Date): US 9870511 A 19980430

Patent Details:
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Abstract (Basic) : US 6275944 B1

NOVELTY - Configuration parameters representing type and 
information for identifying the given logon process and accessing 
methods of target resource are stored. During logon process with
respect to target resources , the target parameters are verified. When 
the target parameters are recognized, the target resource is accessed 
using the parameters. 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the 
following : 

(a) System for enabling access to target on target resource in 
a distributed computer network; 

(b) Computer program product for enabling access to target 
application in distributed computer network 

USE - For single sign - on (SSO) based accessing of 
resources in heterogeneous computer network. 

ADVANTAGE - Eliminates need for specifying a particular program of 
the client or specific operating system by single sign - on 
mechanism, hence achieves efficient accessing at reduced cost. 

DESCRIPTION OF DRAWING (S) - The figure shows the flow chart 
explaining the change password operation. 
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Sharing master key among set of servers in single sign - on 
mechanism, involves establishing a keyed-server group identifying which 
server in set of servers, has a set key 

Patent Assignee: INT BUSINESS MACHINES CORP (IBMC ) 

Inventor: FANG Y; KAO I; WILSON G C 

Number of Countries: 001 Number of Patents: 001 

Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

US 6240512 B1 20010529 US 9870462 A 19980430 200141 B

Priority Applications (No Type Date): US 9870462 A 19980430
Patent Details:

Patent No Kind Lan Pg Main IPC Filing Notes
US 6240512 B1 15 G06F-001/24

Abstract (Basic) : US 6240512 B1

NOVELTY - The method involves establishing a keyed-server group 
which identifies which of the servers in the set of servers have a copy 
of master key. At a given server, it is determined whether the 
keyed-server group has at least one of servers. If the keyed-server 
group does not have one server, the master key is generated at the 
given server.

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for 
computer program product. 

USE - For sharing master key among set of servers in single sign 
- on (SSO) mechanism used for accessing distributed application, 
database , printers and other resources in computer enterprise. 

ADVANTAGE - The sharing of key is based on easy to use interface 
and provides a consistent look and feel across operating system. It 
integrates with operating system based on open standards, supports one 
times' password and is capable of leveraging existing security 
infrastructure. Enables efficient access to heterogeneous networks at 
reduced cost, thereby increasing productivity for end users and system 
administrators in an enterprise computer environment. The design goals 
achieved are ease of use, secure authentication of user and logon
coordination to multiple applications. A logon coordination framework
is provided so that each specific target can be easily plugged into
single sign - on logon coordinator framework. This facilitates the
support of vast range of client-server targets.

DESCRIPTION OF DRAWING (S) - The figure shows the computer 
enterprise environment . 
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Single sign - on method to target resources for computer enterprise 
environment, involves coordinating user information with configuration 
directives, to enable user to logon to target application
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Abstract (Basic): US 6178511 B1

NOVELTY - The user specific information which enables user to 
access and logon to target resources , are stored for each of a set 
of users. During logon attempt by user, the user information are 
coordinated with stored configuration directive, to enable user to 
logon to target applications, without specifying the logon process. 

DETAILED DESCRIPTION - The configuration directives identifying 
logon process and methods to access application on the target 
resource for each of set of resources with different logon process, 
are stored. User ID/ password is validated for given user during logon 
attempt. State information associating the given user with the target 
application is also stored. INDEPENDENT CLAIMS are also included for 
the following:

(a) System architecture; 

(b) Computer program product to enable access to target 
application on target resource ; 

(c) computer connectable in distributed computer enterprise

USE - For use in computer enterprise environment.

ADVANTAGE - The method provides single sign - on (SSO)
framework which allows the personal key manager (PKM) and configuration
information manager (CIM), to be separated from the rest of SSO code.
Thus, a new implementation such as Lotus Notes are added without
causing a major redesign. The SSO framework provides logon
coordination, so that each specific target is easily plugged. Thus, it
supports vast range of client-server targets. Enables efficient access
to heterogeneous networks at reduced cost, thereby increasing
productivity for end-users and system administrators. Ease of use,
secure authentication of users and logon coordination to multiple
applications are achieved. Provides consistent look and feel across
operating systems. Integrates with operating system logons and is based
on open standard. It is capable of leveraging existing security
infrastructures.

DESCRIPTION OF DRAWING (S) - The figure shows SSO transaction, 

Internet based service for personal web platform service has personal 
site nesting within family site which has access to geographically 
relevant content 
Patent Family: 
Abstract (Basic): WO 200113259 A1 

NOVELTY - At least one personal site (150) is created accessible to 
a resident through an access device; a unique identifier which has a 
telephone number is created for the resident; and nesting the personal 
site within a family site which has access to geographically relevant 
content. The family site is automatically created when a resident 
registers for the Internet based service (151). 

DETAILED DESCRIPTION - Resident information which includes 
residents login information for a third party site and data from the 
third party site retrieved on behalf of the resident is stored securely 
for access only by the resident. 

An INDEPENDENT CLAIM is also included for an apparatus for 
providing Internet based services. 

USE - Web-based personal platform service that provides 
customizable, personalized portable services. 

ADVANTAGE - All transactions involved with personal information are 
made through the web-based focal point on the personal site, as the 
resident only needs a single login via a single access code to 
the service and not numerous logins and passwords , the ease of use 
and convenience is enhanced. Able to respond to critical events in a 
timely and efficient way, by intelligent screening and direct 
presentation helps users optimally balance the trade-off between 
efficiency and accuracy. 

DESCRIPTION OF DRAWING (S) - The figure shows a representation of an 
information flow model. 

Personal site (150) 

Web based service (151) 

Priority Applications (No Type Date) : US 99301642 A 19990428 
Patent Details: 
Abstract (Basic): JP 2000347994 A 

NOVELTY - An authentication information peculiar to a server and 
different from a master authentication information is supplied to the 
server to enable a client to access the limited resource controlled 
by the server. The authentication information is produced based on the 
data relevant to the server. The master authentication information is 
stored in the client. 

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for a 
single sign - on for network system. 

USE - For computer network. 

ADVANTAGE - Enables user to sign-on to many servers by using 
different passwords . 

DESCRIPTION OF DRAWING (S) - The figure shows the block diagram of a 
computer system. 

Abstract (Basic): US 5944824 A 

NOVELTY - When a user accesses a specific network element, the 
single sign - on indicator digit is set in the user account . A 
log-on identifier and a new password are generated for network 
element and user account respectively, corresponding to organization 
password policy. 

DETAILED DESCRIPTION - The new identifier and password are set 
and are stored in a centralized security database after generation of 
log-on identifier and new password . When a user accesses network 
elements, the user is logged onto all network elements authorized for 
the user. The network element is set with the user account. An 
INDEPENDENT CLAIM is also included for secured network architecture. 

USE - For distributed network environments. 

ADVANTAGE - The security is enforced strictly due to total 
integration of several network security mechanisms and integration of 
network-wide authentication with local authentication. 

DESCRIPTION OF DRAWING (S) - The figure shows a process flow diagram 
of single sign - on method. 

Balanced line-pair switching for cable management system with reduced 
number of crosspoint switches - provides routing of wired service lines 
between service lines connected on one side of centre plane board and 
user lines on other side 

The cable management system routes wired services between service 
lines (16) and user lines (18). Each service line enters the cable 
system at a service termination unit circuit card (22) which also holds 
a portion of a crosspoint switch matrix (126). Each user line enters 
the system at a line termination unit circuit card (20) . The service 
termination unit circuit cards are all mounted to connectors (36) on 
one side of a centreplane board (24) and the line termination unit 
circuit cards are mounted to connectors (36) on the other side. 

Pins (37) extend through the centreplane board to interconnect 
the connectors so that any service line can be connected to any 
user line. A system controller card (26) communicates with the circuit 
cards via a bus (38). When the service and lines are made up of 
balanced line-pairs (218,224,222,226), in order to reduce the number of 
crosspoint switches (238) in the crosspoint switch matrix (228), the 
differential signals on the balanced line-pairs (218,226) are converted 
to single -ended signals on individual lines (240) . The individual 
lines are switched through the matrix and the signals are then 
reconverted back to differential signals on balanced line-pairs (222, 
224) . 

EQUIPMENT AND RECORDING MEDIUM THEREFOR 
ABSTRACT 

PROBLEM TO BE SOLVED: To change PW of all systems, which a user uses, by 
one operation by intensively managing the change procedure of a password 
(PW) at every system without damaging the convenience of single sign - 
on . 

SOLUTION: A connection terminal is connected to a computer securing 
security by PW which is set at every system which the user uses through a 
communication line. The equipment is provided with a PW change procedure 
registration means registering the change procedure of PW at every system 
and a PW changing means which sequentially starts an application at every 
system and changes PW of the system in accordance with the registered 
change procedure of PW. It is inspected whether PW is changed or not as the 
result of the change of PW. When PW is not changed, a PW change performance 
guaranteeing means guaranteeing the change of PW in accordance with the 
registered PW change procedure with the starting of the next application as 
a trigger is added. Thus, security improves much more. 

ABSTRACT 

PROBLEM TO BE SOLVED: To reduce the number of signal lines of a signal 
interface by supplying information related to signal lines deleted from the 
signal interface with the use of a combination of signals on the 
signal interface. 

SOLUTION: A pen driver circuit 104 processes a combination of signals 
including one of remaining signals on a signal interface 108 while omitting 
one signal of the interface 108, and supplies the omitted signal. In order 
to supply information related to a signal line deleted from the signal 
interface 108, the pen driver circuit 104 constitutes a 64- pin QFP 
- ^r-:---:.: circuit to process the combination of signals including one data 
•:-::--:ei signal from the signal interface 108. Thus the number of signal 
lines of the signal interface 108 can be reduced. 

ABSTRACT 

PROBLEM TO BE SOLVED: To obtain a single log in using a portable 
medium in an enterprise information system by sending user identification 
information from the portable medium when access is allowed and making the 
portable medium ineffective when access is not allowed. 

SOLUTION: An authentication client 22 is provided on the client side to 
perform an authenticating process using log-in information (certificate, 
user identification information, etc.). When the user fits the portable 
medium 700 to a portable medium reader 705, an authentication information 
input picture is displayed, and a password or biological information on a 
fingerprint, the retina, etc., is confirmed to judge whether access is 
allowed or not. When it is judged that the user 11 is the regular user 11, 
single log - in process is performed as to a task authenticating 
: : . When not, the portable medium 70 is made ineffective by using the 
key of the authentication client 22 and a note showing that the access 
is not allowed is sent to the user 11. 

ABSTRACT 

PROBLEM TO BE SOLVED: To provide a security management method for 
transition from a present user authentication system by a user 
password to a single sign - on by the utilization of a 



job is requested by transmitting the information of the 
from a client 8 to a job server 6 and the confirmation of the 
certificate is requested by transmitting the information of the certificate 
from the job server 6 to an integrated authentication server 2. The 
integrated authentication server 2 confirms the certificate, then obtains 
the security information of a user from a server 3 and checks the right to 
access the job server 6 of the user. At the time of appropriate access, the 
user ID, the password and access-to- data control information are sent to 
the job server 6. The job server 6 performs the authentication processing 
on the user and manages the access right to data thereafter. It is similar 
for a DB (data base) server 5 as well. 

Single step log - on access provision method for differentiated 
computer network, involves manipulating data packets exchanged between 
network access server and authentication authorization and accounting 
server 

Abstract (Basic) : US 6643782 B1 

NOVELTY - The data packets exchanged between a network access 
server ( NAS ) (2) and an authentication authorization and accounting 
(AAA) server (4), are intercepted with a service selection gateway 
server (3) . The packets are manipulated by the SSG server, to 
enable a subscriber to log onto the SSG server automatically, when the 
subscriber logs onto NAS . 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the 
following : 

(1) apparatus for providing subscriber with single step log - on 
access to computer network; 

(2) system for providing single step log - on access for 
subscriber; and 

(3) programmable storage device for storing single step log - on 
access provision program. 

USE - For providing single step log - on access to subscriber 
of differentiated computer network. 

ADVANTAGE - Enables an authorized user to gain secure access to SSG 
server without re-entering user name and password data, or launching 
a separate application. 

DESCRIPTION OF DRAWING (S) - The figure shows a schematic diagram of 
differentiated computer network. 

subscriber personal computer (1) 

network access server (2) 

service selection gateway (3) 

authentication authorization and accounting server (4) 
computer network (5) 
public area (6) 
private area (7) 

Single sign - on system for network-based application program, has 
sign-on server that saves sign-on information received from client, and 
sends it to client, when client computer signs on to application program 
server 

Abstract (Basic): US 200300791O A1 

NOVELTY - A client computer (100) connected to an application 
program server (300) through a network (400), operates an application 
program by signing on to application program server with received 
sign-on information. A sign-on server (200) connected to client 
computer, saves sign-on information received from client, and sends it 
to client, when the client computer signs on to the application program 
server . 

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for 
method of single sign - on process on a client computer. 

USE - Single sign on system for network-based application 
program in electronic mail or financial database management systems for 
management of company or organization, through network such as local 
area network (LAN), wide area network (WAN) and private network. 

ADVANTAGE - The user need not recite various sign-on passwords in 
mind, and the respective sign-on process for all application programs 
is simplified, thereby reducing the operation time. 

DESCRIPTION OF DRAWING (S) - The figure shows a block diagram of the 
application program single sign - on system. 

client computer (100) 
single sign on server (200) 

network (400) 

Abstract (Basic): JP 2003050781 A 

NOVELTY - An acquisition unit acquires the certification 
information from a database (331) based on input ID number and 
password and stores temporarily in a storage unit. A starting section 
(504) starts arbitrary application program temporarily, based on the 
certification information stored in the storage unit. 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are included for the 
following : 

(1) personal identification program; 

(2) version management apparatus; 

(3) personal identification method; 
(4) version management method; and 
(5) version management program. 

USE - Personal identification apparatus using internet for in-house 
system. 

ADVANTAGE - Unitary management of individual certification 
information is performed efficiently. Single sign - on function is 
performed more smoothly in some applications by using each 
certification information. 

DESCRIPTION OF DRAWING (S) - The figure shows an explanatory drawing 
of the personal identification system. (Drawing includes non-English 
language text). 

database (331) 

starting section (504) 

Authorization system for authenticating client receiving service through 
network, has single authentication device used by multiple site servers 
for authenticating client 
Patent Assignee: TOKYO MITSUBISHI GINKO KK (TOKM-N) 
Number of Countries: 001 Number of Patents: 001 

Abstract (Basic): JP 2004038646 A 

NOVELTY - Site servers are connected with an authentication device 
(5) for authenticating a client (3) using the same authentication 

• : o-e . 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the 
following : 

(1) authentication device; and 

(2) site providing device. 

USE - Authorization system for authenticating client receiving 
various service from site server, through network. 

ADVANTAGE - Improves security of authentication easily without 
providing original authorization system for each site server, 
implements single sign - on (SSO) function without performing input 
of identification (ID) and password (PW) of other site servers one by 
one and enables performing payment easily using the payment server. 

DESCRIPTION OF DRAWING (S) - The figure shows the schematic diagram 
of the network structure used for the authorization system. (Drawing 
includes non-English language text). 

network (2) 

client (3) 

authentication device (5) 
payment server (7) 
payment authentication server (9) 

Electronic business management method using Internet, involves 
registering unauthorized users in global procurement application, for 
accessing desired links stored in customized homepage built for user 

Abstract (Basic): US 20020104018 A1 

NOVELTY - An unauthorized user is prompted to register in a global 
procurement application in a supplier portal common registration (PCR) 
by obtaining user ID/ password . The user and the application 
information are stored in the corresponding databases. A customized 
homepage including approved links is built for the user, based on the 
stored information and displayed after authorization. 

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is included for data 
processing system. 

USE - For managing electronic business, technical and operational 
data, using Internet. 

ADVANTAGE - Eliminates redundancies and speeds up application use 
through a single user login and consistent user interface. Allows 
user to access all e-business application through streamline 
registration process. 

DESCRIPTION OF DRAWING (S) - The figure shows a flowchart explaining 
the process of initiating user registration by the supplier. 

desired referring level to D bar input of programmable logic circuit 
Abstract (Basic): US 6429680 B1 

NOVELTY - The integrated circuit has several internal references 
(18,22) representing complementary metal oxide semiconductor (CMOS), 
emitter coupled logic (ECL) or positive emitter coupled logic (PECL) 
reference levels. A multiplexer couples the internal reference that 
corresponds to single -ended signal on D input, to D bar input 
(16) of a programmable logic circuit (10) through a programmable pin 
(24) . 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are included for the 
following : 

(1) Logic circuit; and 

(2) Logic circuit configuring method. 

USE - Integrated circuit. 

ADVANTAGE - The use of multiplexer for selecting the desired 
internal reference, eliminates need for external connections to program 
PLC for selecting various internal references corresponding to the 
input signal . 

DESCRIPTION OF DRAWING(S) - The figure shows a schematic view of 
the logic circuit. 

Programmable logic circuit (10) 

D bar input (16) 

Internal references (18,22) 

Programmable pin (24) 

Abstract (Basic) : KR 2002011608 A 

NOVELTY - A method for automatically becoming a member of an 
Internet site and performing a log-in is provided to authorize a user 
without performing a log-in by transmitting member information to the 
sub site. 

DETAILED DESCRIPTION - In case that a user of a main site clicks a 
sub site linking to the main site, an SSO (Single Sign On) module 
is called (S700). It is judged whether the user performs a log-in to the 
main site (S710). It is judged whether the user is a member of the sub 
site (S720). In case that the user isn't the member of the sub site, an 
.'.-o membership link is outputted (S730). A log-in screen of the main 
site is outputted. An ID and a password are inputted from the 
user (S740). In case that the user is the member, the user automatically 
performs a log-in to the sub site (S750). In case that the user is the 
member, agreement provisions of the sub site are outputted (S760). It is 
judged whether the user agrees to become a member (S770). In case that 
the user agrees to become the member, an SSO interface module gets 
member information of the main site (S780). It is judged whether the 
user is the member of the sub site (S790). 

Abstract (Basic): US 6311275 B1 

NOVELTY - A service selection gateway (SSG) server (3) linked to a 
network access server (NAS) (2) and an authentication, authorization 
and accounting (AAA) server (4), intercepts and forwards data packets 
input by subscriber between the servers. Information in the data 
packets are processed for enabling the SSG server to automatically log 
the subscriber onto the SSG server, when the subscriber logs onto 
NAS . 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the 
following : 

(a) Subscriber single step log - on access providing apparatus; 

(b) Programmable storage device that stores subscriber single 
step log - on access providing program; 

(c) Subscriber single step log - on access providing system 

USE - For providing simplified access to subscribers of 
differentiated computer network e.g. Internet, private intranet. 

ADVANTAGE - The SSG server provides single step log - on access 
to a subscriber to additional areas of the network without requiring 
the user to re-enter user name and password or launch a separate 
application. 

DESCRIPTION OF DRAWING (S) - The figure shows the schematic diagram 
of network of SSG, AAA and NA servers and differentiated computer 

NA server (2) 
SSG server (3) 
AAA server (4) 

Abstract (Basic) : WO 200155822 A1 

NOVELTY - A user (11) sends a log-on request (21) to a log-on 
authenticator (22) using a name and password and, following a 
successful authentication, the user may interact with a service 
requester (REQ1) and may send a future request to launch a service 
requester (REQ2), which is received in a password requester (24) and 
is passed to a password requester (25) in a security server (16) . 
Passwords are encrypted by an encrypter (27) and then decrypted by a 
decryption device (28), to form a password for requester (REQ1). 

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is included for a 
method of providing a user with access to distributed applications. 

USE - Providing access to multiple distributed software 
applications with a single user log - on . 

DESCRIPTION OF DRAWING (S) - The drawing is a block diagram of the 
system 

User (11) 

Authenticator (22) 

Service requesters (REQ1, 2) 

Password requesters (24,25) 
Encrypter (27) 
Decrypter (28) 

client and server using various management tools 
Abstract (Basic): WO 200133468 A1 

NOVELTY - The client and server connected together are supported 
with software distribution, configuration and asset management, fault 
management and recovery management, capacity planning, performance 
management, license management, remote management, event management, 
system monitoring and tuning, security, user administration and help 
desk tools, and production control application set. 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the 
following : 

(a) Method of developing architecture; 

(b) Data warehouse computing system 

USE - For data warehouse computing system. 

ADVANTAGE - Eliminates need for end users to remember user names 
and passwords to all business applications, since management tools 
implement single sign - on application. 

DESCRIPTION OF DRAWING (S) - The figure shows schematic block 
diagram of warehouse computing system. 

Abstract (Basic) : WO 200067415 A2 

NOVELTY - The cryptographically assured voucher included in cookie 
received from web site (110) of content service provider, is 
authenticated at the side of web site (120) for electronic bill 
presentment and payment without requiring the user to explicitly 
identify himself to web site (120) . The user characteristic is 
extracted from authenticated voucher, corresponding to which required 
actions are performed. 

DETAILED DESCRIPTION - The web site (110) of content service 
provider is accessed from the user's computer (100) having web browser, 
and the cookie including digital voucher of user characteristic is 
received from the web site (110) for transmitting to the web site (120) 
for electronic bill presentment and payment, after authenticating the 
user to the web site (110) . The user characteristic included in the 
digital voucher of cookie, comprises user's network identity and user's 
session preferences. INDEPENDENT CLAIMS are also included for the 
following : 

(a) system for performing transferable authentication; 

(b) data structure for transferable authentication 

USE - In Internet for securely transferring user authentication 
from one web site to another web site using cryptographically assured 
cookies, to make interaction of user with other web sites without 
re-authenticating himself. 

ADVANTAGE - Avoids need for the user to remember authentication 
information such as user names and user passwords for each business 
web site. The user authentication information is transferred easily, 
seamlessly and securely, thus facilitating reliable transactions in 
which user is not necessary to know the other web sites or the user is 
not inconvenienced by having to separately authenticate himself. 

DESCRIPTION OF DRAWING (S) - The figure shows the explanatory system 
allowing authentication and single sign on using 
cryptographically assured cookies. 

Web sites (100,110,120) 

Abstract (Basic): RD 429128 A 

NOVELTY - The process begins when a user uses their web browser to 
request content (such as a user's personal home page) from a content 
Servlet. The content Servlet will attempt to retrieve an SSO cookie 
from the web browser. If the cookie is not found, or its timestamp 
indicates that it has expired, the Servlet begins the login process. 

DETAILED DESCRIPTION - Otherwise, the Servlet will use the 
authentication data encrypted in the cookie to authenticate the user in 
the Servlet's JVM. If this authentication fails, the Servlet will begin 
the login process. If it succeeds, it will send the content the user 
requested (the home page) . 

USE - For authentication of Servlet/Applet /HTML . 



ADVANTAGE - (a) The user will not have to log in twice if the Java 
login Applet is used. The login Applet logs the user in to the Applet 
JVM, so all Applets later launched in that JVM will recognize the user 
as being logged in. Then the Applet sends a request to the login 
Servlet to continue the process; (b) Java and JavaScript are not 
required. If the user (or system administrator) does not expect to use 
authenticated Java Applets, the HTML login form can be used. This will 
log the user in with a Servlet and set the Single Sign - On cookie. 
This login process only requires a web browser that supports cookies 
and secure connections via HTTPS; (c) Using a minimum of Java makes 
web-based applications more flexible and more likely to run in a wide 
variety of web browsers on a variety of platforms. Web browsers often 
implement Java differently, which sometimes necessitates 
browser-specific code. This code makes web applications more fragile 
and buggy, and it prevents them from being used with browsers or 
platforms that were not tested with them while they were being 
developed; (d) Less memory is used on the client in most cases. If the 
HTML login is used, no Java classes are loaded on the client. The login 
Applet loads only a minimal set of Java class archives (significantly 
less than the ODS Applet Launcher) . Any other Applets load additional 
class archives only as they are needed; (e) Configurable security. The 
user name and password are always sent over secure connections. The 
SSO cookie in the web browser is encrypted so it cannot be read easily. 
The domains which can retrieve the SSO cookie are 
administrator-controlled, so it can only be retrieved by trusted 
servers. In case the cookie is stolen from the network, it expires 
after an amount of time chosen by the ODS administrator. Other Servlets 
will respond via either HTTP or HTTPS, depending on the system 
administrator's preference. Applets are loaded via HTTP for technical 
reasons, but they always communicate back to the server via HTTPS or 
secure RMI; (f) Single Sign - On can also authenticate the user to 
use other web applications that support SSO. 

DESCRIPTION OF DRAWING (S) - The diagram shows an overview of the 
authentication process. 

User with respect to multiple computer servers authenticating - issuing 
password to work station from authentication broker in response to 
access request from work station to password -based server within 
distributed computing network 

Abstract (Basic): US 5684950 A 

The method involves providing an authentication broker within a 
distributed computer network. An authentication request is then 
received from a workstation at the authentication broker. A Kerberos 
Ticket Granting Ticket is issued to the work-station from the 
authentication broker after a determination that the authentication 
request is valid. A Kerberos Service Ticket is issued to the 
workstation from the authentication broker in response to an access 
request from the workstation to a Kerberos Ticket-based server within 
the distributed computing network. 

The method further entails issuing a pass-ticket to the workstation 
from the authentication broker in response to an access request from 
the workstation to a pass-ticket-based server within the distributed 
computing network. A password to the workstation from the 
authentication broker is issued in response to an access request from 
the workstation to a password -based server within the distributed 
computing network. As a result, access to all the servers is granted 
via a single network authentication request. 

USE/ADVANTAGE - For processing sign-on-requests within distributed 
control network. Allows authenticating authorised user to all computer 
servers within distributed computer environment that are available to 
authorised user after single network sign on without sacrificing 
network security. 

Digital recording and reproduction of speech signals - combining 
signals in time frames with digital codeword formed for each frame 
contg. three individual codewords and storing overall codeword in 
memory 

Abstract (Basic) : US 5251261 A 

The method involves combining digitised speech sampling values of 
the speech signal in a respective time frame, for each time frame, one 
forming a digital overall code word which accommodates a first 
code word for the spectral envelope (Short Term Prediction, STP, 
code word ) , a second code word for the periodicity (Long Term 
Prediction, LTP, code word ), and a third code word for a 
residual signal (Regular Pulse Excitation, RPE, code word ) . 

The digital overall code word is stored in a memory, and the 
speech signals from the stored digital overall code word are 
reproduced. The overall code word contains a STP parameter 
repetition symbol which indicates whether the overall code word 
contains an STP code word or not. The STP repetition symbol is 
formed w.r.t. a comparison between speech sampling values of a first 
time frame and of a second, already encoded time frame. 

USE - E.g. in telephone answering appts. Avoids degrading acoustic 
quality of speech, 

Abstract (Basic): US 5241594 A 

The system includes a user computer comprising a communication 
program including a multiple log=on procedure that can communicate with 
a remote computer and that employs a secure transport layer protocol 
that permits secure file transfer between computers of the distributed 
system. The user program includes a stored file including a user ID 
code and an encrypted password that permits access to the remote 
computer from the user computer. A remote computer includes a 
communication program that responds to that on the user computer, that 
employs the secure transport layer protocol, and that comprises a 
stored file including a user ID code and an encrypted password that 
permits access to the remote computer. 

A network interconnects the two computers, and a service request 
entered from the user computer is processed by the multiple log=on 
procedure which accesses the stored file that contains the user 
identification code and encrypted password . The log=on method 
decrypts the encrypted password of the remote computer, transfers th 
ID code and decrypted password to the remote computer, and logs the 
user computer onto the remote computer. 

ADVANTAGE - Safe, user transparent log=on method. Does not require 
special hardware. 
demodulate other sideband signal 
Abstract (Basic): DE 3741610 A 

The arrangement has a first mixer (M1) converting the first 
intermediate frequency (ZF1) into a second IF frequency (ZF2) using 
a first fixed signal (F1) or a third fixed signal (F3) derived 
from the first fixed signal (F1). A second fixed signal (F2) is mixed 
with the second IF signal in a second mixer (M2). 

The second fixed signal is doubled in frequency (M3) and mixed (M4) 
with the first fixed frequency to give the third fixed frequency. The 
switches (S,S') switching the first and third fixed frequencies to the 
first mixer are PIN diodes. Appropriate filters (Fi) are used. 

ADVANTAGE - Few parts. The second sideband can also be received. 
Computing recording process logical analyser - has control words 
generator with output converted for instruction number register 
addressing recording session instructions memory 
Abstract (Basic): SU 1357958 A 

The circuitry contg . recording channel inputs (1) to the buffer 
register (2), clock inputs (3), clock pulse shaper (4), code words 
decoder (5), delay lines (11), data memory (12) and recording 
controller (13), has a control words generator (6), control words 
converter (7), single pulse shaper (8), instruction number register (9) 
and instruction memory (10). 

The course of an investigated process is monitored by a program 
compiled by the user. Set events and associated data-blocks are 
recorded. Recording conditions are changed according to how the 
investigated process develops. The recording program can be branched. 
Control action is based on logical functions of code words . The 
code word is a code combination in which each digit corresponds to a 
recording channel. The control words define switching combinations of 

signals in the data flow for control of the recording process. The 
recording program is a list of control codes. 

USE/ADVANTAGE - In computer engineering in recording and logical 
analysis of data obtd. during adjustment and performance testing of 
complex digital appts. and systems mainly with a rail structure for 
data and control signals exchange, the recording process is controlled 
by arbitrary logical and time functions of code words. 
.'IS/7. 12^87. 
Abstract (Basic): US 3931499 A 

An apparatus for counting and indicating the number of bowling 
games played in a bowling establishment having a plurality of lanes, 
each equipped with an automatic pinsetter. A count of eleven feedback 
counter provides a single output signal in response to eleven 
frame input signals each of which may be taken from the various 
automatic pinsetters each time a frame is played on any one of the 
lanes to convert frame signals to game signals. 

The output signal from the counter is then fed to a totaliser 
indicator which indicates the number of output pulses received as 
indicative of the number of games played in the bowling establishment 
One-time logon means and methods for distributed computing systems 
Moyens et methodes d'entree en une fois pour systemes distribues 
ABSTRACT EP 573248 A1 

Apparatus and methods of authenticating users in a distributed 
networked computing system (10). The system (10) may comprise a central 
server (12) embodiment that includes a file (19) wherein IDs and 
encrypted passwords (30) are stored, or a distributed system embodiment 
where IDs and encrypted passwords (30) are stored in files (19) at each 
respective computer in the system (10). A multiple logon procedure (16) 
and secure transport layer protocol are used with a user's communication 
software and network communication software. When a user desires to use a 
particular computer (13), logon requests are processed by the multiple 
logon procedure (16) and it accesses the stored file (19) that contains 
the user's ID and encrypted password, decrypts the password (30), 
accesses the remote computer (13), and logs the user onto that computer 
(13). In the central server system all IDs and encrypted passwords (30) 
are stored on a single computer (the server (12)) that controls access to 
the entire distributed system (10). Once access is granted to a 
particular user, nonencrypted passwords (30) are transmitted to the 
remote computers (13), since the server (12) controls the entire system. 
In the distributed version, password files (19) are stored in all 
networked computers (13), and once a user logs on to a computer (11), if 
the user wishes to use services at a second computer (13), the 
authentication information is forwarded to the second computer (13) using 
the secure transport layer protocol to protect its integrity, and after 
receiving the authentication information, it is compared with 
authentication information for the same user stored in the second 
computer (13). If the authentication information matches, the user is 
logged onto the second computer (13). (see image in original document) 
... server (12) interposed between the workstations (11) and the 
remote computers (13), said method further comprising the steps of: 
storing a file (19) on the server (12) that comprises each user 
identification code and encrypted passwords (30) for all computers 
in the distributed computing system (10); 
providing a predetermined multiple logon procedure (16) that operates on 
a workstation (11) that is adapted to interface between a workstation 
(11) and a plurality of remote computers (13); 
using the multiple logon procedure (16) to generate a service 
request (42) at the workstation (11) for a service available at a 
remote computer (13) and transmit the service request (42) to the 
server (12... 
Detailed Description 

. . . prior to registration as well as making additions and deletions to 
available domain names for load balancing purposes. 

5. Generation of E-mail and FTP passwords enhances security for end 
users. During completion of the registration process the NetSafe 
registration server(s) will generate MD5 based secure E-mail and FTP 
space passwords. These passwords will automatically be added and 
configured into the appropriate and predefined application's for the 

6. Single-user sign-on assures transparent and secure web site 
access. The NetSafe NEAT! Software architecture with its client side 
authentication provides one of the best ease-of-use features on the 
Internet today: single-user sign-on. What is single-user sign-on? 
It's the capability for a user to log in to the Internet without 
worrying about passwords and log-ins for secure web sites. The NetSafe 
NEAT! Software automatically identifies the user without any user 
intervention. Unlike cookies, the latest security buzz... 
... be tightly synchronized with the AS clock. 

The requesting machine's file system allows any process with the user's 
identification to read a cached single-sign-on key, Ksso. Such a 
key is a strong session key established between the user's processes and 
the AS during initial login. It is used to access other services 
without having to provide a password every time. 

Variables in the main memory (containing Kold and Knew) are only readable 
by the process which allocates them. 

The Protocol according to the... 
...an idempotent "flip-flop" request. 

After a first CPW request without successful receipt of an 
acknowledgement, the principal must simply retransmit his request. The 
authentication server , AS, knows in this case either the present key, 
Kold, or the new key, Knew, depending on whether the CPW request or the 
acknowledgement got... 
ABSTRACT: Apple Computer Inc has just made existing Macintoshes more 
powerful by offering a suite of inexpensive system extensions as part of 
System 7 Pro, the company's new system software. Customers purchasing the 
suite will receive the PowerTalk, AppleScript and QuickDraw GX programs, 
which will enable them to print via a single icon, pass data throughout 
applications without letting go of the mouse and send e-mail without 
leaving the paint program. QuickDraw GX, Apple's new imaging architecture, 
offers a range of new typographic and graphic capabilities. PowerTalk 
offers an Apple Open Collaboration Environment (AOCE) -based suite of 
software technologies that standardize all forms of communications. 
AppleScript sits on top of Apple events and automates multistep tasks; it 
also lets users tell multiple AppleScript applications the jobs they should 
perform. 

TEXT: 

The hottest new Mac of the year is almost ready. It offers 
more-powerful features but is simpler to use than any other. You won't have 
to plop down five grand to get it, and it won't be obsolete in six months. 
No, it's not the Quadra 840av, the PowerPC Mac, or the Newton. It's the Mac 
you have now -- running a suite of inexpensive new system extensions that 
will revitalize it. 

Your rejuvenated Mac will be running PowerTalk and AppleScript --which 
were just released as part of System 7 Pro, Apple's new, advanced 
system-software package ($149) -- and QuickDraw GX . Apple will continue to 
sell the current version of system software. System 7.1, at a reduced price 
of $79. With the new software, you will be able to print at the drop of an 
icon, send e-mail without leaving your paint program, and pass data among 
applications without lifting a finger from your mouse. 

QuickDraw GX, PowerTalk, and AppleScript are system extensions; they 
extend the functionality of the operating system. This software trio won't 
make your Mac faster, but it will speed up the way you work with your Mac. 
The extensions will change how your Mac looks and acts and will be a more 
;c:c:: L and powerful upgrade than buying a new box. 

On the next few pages, we preview what some of the new features will 
look like. We look first at QuickDraw GX, which by itself adds more 
features to the Mac than System 7 did. QuickDraw GX has something just 
about everyone can use. Powerful new graphics routines let any application 
produce sophisticated color and transformational effects. Smart fonts 
automatically adjust the typographical parameters of a character, depending 
on where it falls in a word or a line. Color-management software goes a 
long way toward making colors produced by scanners, printers, and monitors 
look the same. 

PowerTalk is the user implementation of AOCE (Apple Open Collaboration 
Environment). Apple also sells the PowerShare Collaboration Servers package 
($999) , which provides directory, messaging, and security services for 
workgroups. AOCE takes the current maze of communications -- be it LAN or 
WAN, modem or fax (you name it) -- and organizes it neatly on the desktop. 
E-mail becomes as integral to the Mac as cut-and-paste, and network 
security becomes fortified yet transparent to users. 

AppleScript ties it all together, letting you automate complex or 
routine tasks. For example, using AppleScript in conjunction with 
PowerTalk, PowerShare, and off-the-shelf third-party software, you can 
create customized work-flow systems that pass data among applications on 
one or more Macs. 

These new system extensions offer more than new features, however. 
Each embodies an enabling technology that software companies can build on 
for years to come. Although QuickDraw GX, PowerTalk, and AppleScript add 
great improvements to the Finder, you'll need to use applications that take 
advantage of them to get the greatest benefits. 

The new technologies are built on top of System 7; if you're still 
using System 6, it's time to switch. Take a look at the Mac to come, on the 
following pages. 

QuickDraw GX 

QuickDraw GX Requirements 
System: 7.1 or later. 

RAM: 1 megabyte in addition to current system needs. 

Disk space: 1.5 megabytes; 2.5 megabytes if you install GX fonts. 

Minimum processor: 68020. 

Apple's new imaging architecture, QuickDraw GX, will bring a wealth of 
new graphic and typographic capabilities to those Mac applications that 
take advantage of it. Among the highlights of GX, expected to be released 
to developers by year's end and to users in early 1994, will be rotation, 
skewing, and transparency of any graphic object, including text; new font 
capabilities, such as automatic ligatures and swash characters; and an 
extensive color-management architecture for matching input from scanners to 
output from desktop printers (see "Getting Color in Sync," March '93, page 
165). Many applications offer some of these features already, but GX will 
make them commonplace. Major new enhancements will also be available in the 
area of printing, among them a streamlined printing interface: Users will 
be able to print files by dragging and dropping them onto desktop printer 
icons, which the GX Chooser will create. 

--Henry Bortman 

QuickDraw GX has these components: 
QuickDraw GX extension. 
Adobe Type Manager GX. 

ColorSync (a color-management extension). 
PrinterShare GX (which replaces PrintMonitor). 
GX-savvy fonts such as Hoefler and Tekton GX. 
It has new versions of the following: 
The Chooser. 
The Finder. 
The Network extension. 
Drivers for Apple printers. 

The following utilities are also included: 

Compatibility Checker, for detecting old printer drivers and providing 
numbers to call for new ones. 

PaperType Editor, for defining custom page sizes. 

PostScript Type 1 Font Repackager, for converting Type 1 fonts to 
GX-readable format. 

LaserWriter Utility, which can handle the repackaged Type 1 fonts. 
TeachText GX, which doubles as a viewer for queued print documents. 
Different Page Sizes 

You can set up different page dimensions for each page in a GX 
document. In the sample document shown here, for example, the first page is 
business-card-sized, the second page letter-sized. Clicking on the icons at 
the top left of each page brings up the By Page Setup dialog box (not 
shown), which is also accessible from the File menu. 

Print One 

When QuickDraw GX is running, pressing Command-P invokes the Print One 
Copy command, which prints a single copy of your document, using whatever 
settings are already established in the Print dialog box. 

Smart Fonts 

GX fonts, TrueType as well as Type 1 (PostScript), support extended 
character sets, such as the swash capital, ligatures, and lowercase 
(old-style) numbers shown in this example, along with automatically 
formatted fractions. GX's Line Layout Manager automatically substitutes the 
ffi glyph (or symbol) when it encounters the f-f-i combination in the word 
efficient. Note that it's possible to select the individual characters in 
the glyph. Before GX, each ligature was treated as a single combination 
character that required special key combinations or special fonts called 
Expert Sets and fractions had to be created manually. 



New Type Controls 

A type-control palette is a standard part of the GX interface. It lets 
you set tracking, choose among different variations such as the width and 
weight of multiple-style fonts, and turn on and off features such as 
initial-swash caps and automatic fractions. Application developers may 
choose to implement the GX standard or continue to use their own type 
controls. (The palette shown here is an early prototype; the final version 
was not complete at press time.) 

Customized Printing 

A new printer-extensions list, accessible from the Print dialog box, 
lets you customize your print jobs -- for instance, you can have the word 
Confidential screened in the background of any document. GX will ship with 
several standard printer extensions; application and utility vendors will 
also provide printer extensions. 

Graphic Effects 

GX offers several graphics effects and transformations previously 
available only in high-end programs. Applications that take advantage of GX 
can make any graphic object, including text characters, transparent. GX 
also enables full rotation of any graphic object, including text, and 
supports limited 3-D perspective. 

:^-]--v Any Printer 

The GX Print dialog box lets you select, at print time, any printer 
for which you have a desktop printer icon, even if the printer is on a 

New Chooser 

Selecting a printer in the GX Chooser creates a desktop icon for that 
printer. You can select the default printer by clicking on it on the 
desktop (here the printer Yr LaserWriter, surrounded by a heavy line, is 
selected as the default), and you can print a file by dragging its Finder 
icon to a desktop-printer icon. Also, when GX is active, any printer, even 
one attached directly to a Mac's serial port (such as My ImageWriter, shown 
here), can be shared on a network. 

Print Spooling 

Each desktop printer under GX maintains its own print queue. Spooled 
print jobs can be dragged from one printer's queue to another (to redirect 
a print job) or from a print queue to the Finder's Trash (to delete the 
print job). Double-clicking on a print-job icon in a print queue displays a 
preview of the printed document in a TeachText GX window. 

PowerTalk 

PowerTalk Requirements 
System: System 7 Pro. 
RAM: 5 megabytes minimum. 

Disk space: 1.5 megabytes extra for incoming messages. 
Minimum processor: 68000. 

AOCE (Apple Open Collaboration Environment) is a suite of software 
technologies that standardizes all the communications you do, whether over 
a network or telephone line or via floppy disk. Apple's first retail 
implementations of AOCE technology are PowerTalk client software and the 
PowerShare Collaboration Servers package. The PowerTalk software on your 
Macintosh connects AOCE-savvy applications to mail, directory, and security 
services, either on a direct Mac-to-Mac basis or via PowerShare servers. 
This new server software -- PowerShare Catalog and Authentication Server 
and PowerShare Mail and Messaging Server -- provides user authentication, 
store-and-forward messaging, data encryption, and directory services to 
users' Macs as well as to remote log-on services. 

Apple's new System 7 Pro includes a slew of extensions; the Personal 
Directory; and AppleMail, an application that's best described as a 
mail-enabled TeachText. System 7 Pro presents you with a new Finder 
(7.1.1), which has a compound mailbox containing all incoming messages and 
has a Catalogs icon that lets you access shared lists of people and 
resources on your various network and communication services. 

--John Rizzo 

Compound Mailbox 

The PowerTalk compound-mailbox icon, which appears on your desktop, 
provides access to your personal In Tray, which contains all the messages 
you receive. These can include e-mail messages from LAN services such as 
QuickMail, dial-in services such as CompuServe or the Internet; fax 
messages; document files; and even voice-mail messages. 



Digital Signature 

When sending a message, you can choose to activate a digital 
signature, a security measure that guarantees to the recipient that the 
message has not been tampered with and is really from you. Dropping a file 
onto this icon digitally marks the file as "signed" by you. Signature 
fields can also be embedded in the mailers attached to documents created by 
some applications. 

Application Mailer 

AOCE-savvy applications (such as this mock-up of a spreadsheet 
program) can embed collapsible mailers at the top of document windows, so 
you can send a document as a mail message. You can add enclosures -- an 
illustration from the marketing team, for example -- by dragging files from 
the Finder to the Enclosures field. 

^ -p Oa t abases 

Dragging an item from a catalog to the desktop creates a file called a 
.--ire that can contain a user's network and e-mail addresses, 
telephone and fax numbers, and even a picture of him or her. Included 
templates offer various views of information, but you can create your own 
layouts too. The AOCE architecture also allows for the design of 
business-card templates by third-party developers. 
Collaborative Catalogs 

When you double-click on the Catalogs icon, you find catalogs 
representing your network environment. For example, the AppleTalk catalog 
mimics some features of the Chooser, such as displaying zones and 
AppleShare-compatible file servers. It also lists PowerTalk users' 
machines. The Telephone catalog, which holds names and numbers of your 
contacts, can be used with a program that dials voice numbers for you. 
Other catalogs might include directories of e-mail users or an X.500 
directory for big LANs or WANs. The Novell catalog might contain users and 
services on a Novell NetWare network. The DEC DDS catalog might do the same 
for DECnet . You can also create personal catalogs on the desktop, listing 
people and services with whom you communicate regularly. 

Open Multiple Servers 

PowerTalk lets you log on to multiple servers from within a single 
log-on dialog box and password, although each server has its own 
password. These servers can be almost anything: a file server, a 
QuickMail server, even a CompuServe account. PowerTalk Key Chain, one of 
three new icons PowerTalk adds to the desktop, contains the list of servers 
you automatically connect to from the Sign-On dialog box. When you log 
on to the PowerShare server, the authentication service verifies your 
identity and privileges by using a security technique called public-key 
encryption. 
... an online service (or ISP). The two biggest concerns are the 
availability of local or toll-free numbers for dial-in access and the 
supported connection speed. 

All of the services we reviewed maintain nationwide networks of 
dial-in access servers or points of presence (POPs), and all provide 
local-area access numbers . While most cities are well-supported, check 
that you can access the service without paying long-distance charges if 
you live off the beaten track. 

Your connection speed has a huge impact on the perceived performance 
of your service and Internet connection . All the services but Prodigy 
offer 28.8-Kbps access at most of their POPs, the fastest uncompressed 
speed supported by today's best modems. Prodigy's aging... 
...ABSTRACT: maintenance release to improve the security of its 
client/server applications. The new release enables users to encrypt the 
master password that is utilized to access the database of every 
PeopleSoft applications. In addition, the company announces a joint 
development and marketing agreement with Open Horizon, whose systems and 
network software is based on complex Kerberos security technology. The 
agreement calls for PeopleSoft to integrate Open Horizon's Connection 
Database Single Sign-On services with its applications. All 
passwords are stored on a Kerberos server with this technology rather 
than on an unsecured PC client. PeopleSoft elected to issue the release and 
create the alliance in response to an industry... 
... from a mature network operating system such as LANtastic are 
included in LANtastic for OS/2. Password expiration dates, as well as 
time-of-day login restrictions, may be specified for each account. In 
addition, the network control directory (the hidden directory that contains 
server information--including shared resources, accounts, and other server 
configuration parameters) on each LANtastic server may be password 
-protected and remotely administered from any other LANtastic server, 
regardless of whether it's running OS/2, DOS, Windows, or even LANtastic 
Dedicated Server. 
OTHER. . . 



12/3, K/4 (Item 4 from file: 275) 

DIALOG ( R) File 275: Gale Group Computer DB(TM) 
(c) 2004 The Gale Group. All rts, reserv. 

01790678 SUPPLIER NUMBER: 16634545 (USE FORMAT 7 OR 9 FOR FULL TEXT) 
... : ;:;El 302.3 frames. 

security, a dial-back feature authenticates remote dial-in users 
by calling back a pre-configured telephone number associated with each 
user. Each port has its own password for added security. Authentication 
for changing server and port parameters, port login password, terminal 
lock command, service passwords and group codes, logout commands and 
inactivity logout are also provided. 

LTS-HTI servers also include Flash EPROMs and PCMCIA interface to 
support flash . . . 
... the desktop, listing people and services with whom you communicate 

Open Multiple Servers 

PowerTalk lets you log on to multiple servers from within a single 
log-on dialog box and password, although each server has its own 
password. These servers can be almost anything: a file server, a 
QuickMail server, even a CompuServe account. PowerTalk Key Chain, one of 
three new icons PowerTalk adds to the desktop, contains the list of servers 
you automatically connect to from the Sign-On dialog box. When you log 
on to the PowerShare server, the authentication service verifies your 
identity and privileges by using a security technique called public-key 
encryption. 
... NOS manager. This module allows you to manage all of your servers 
from the same machine, regardless of what NOS is set up on the server. 

All of the reviewed NOSs support log-on passwords with varying 
^ • : :. jser identification and password security to authenticate and 
access rights to shared server resources . With both Windows NT 
Advanced Server, Microsoft offers C2-level security, as does Novell 
with NetWare 4.0--necessary for work with the United... 
...ABSTRACT: security and administration features. It is designed to be 
easy to set up; a single menu utility controls all major network 
operations, and users need log on only once because the user account 
is synchronized and distributed across all servers. NetWare Lite 
provides password protection and lets administrators specify user access 
::.;s. Early users say that the product meets their needs. NetWare Lite 
v . ; ^- for $99 per node. 
Novell's requirement of log-in IDs on multiple servers is to 
differentiate between types of servers. For example, some servers can be 
designated as log-in servers. Users with individual accounts on these 
servers can store all of their data in their own password-protected 
workspace. (See related story, Page S/25.) 

Other servers are then designated as application servers. When the 
user needs a specific application, a batch... 
... users to 

conveniently secure documents using the DOCS Open access control 
list. Advanced Library Security caters to customers with stringent 
data security requirements by individual login control, which allows 
sites to authenticate each user by password 
to Sybase, Oracle and NT 

SQL Server-based libraries. V2.5 also supports new platforms 
including Windows 95, Sybase System 10, NFS and Novell 4.1. 
Core enhancements to DOCS Open V2 . . , 
... computers 

* NC Manager which includes applets for adding and deleting users and 
defining password access to specific information and applications; and 
formatting NC Cards with each user's personal identification number 
and server connect string that will enable automatic access to their 
documents, applications, and information services . 

* NCI's NC Desktop software, the multimedia system software which is 
automatically downloaded to individual network computers to enable Java and 
Web-enabled applications and. . . 
... to be widely accepted anytime soon. 

Another solution may come from a start-up called EZLogin.com, which 
aims to make itself into a kind of single sign-on service for the 
entire Web. EZLogin (www.ezlogin.com, naturally) stores all of your 
Web-user names and passwords on its secure server , and it uses agent 
technology to automatically fill out log-in forms for you. 

The beauty of EZLogin 's approach is that it doesn't require merchants 
or customers to install any software. It's not limited to I-commerce sites 
- - you can use it to log on to almost any password-protected site to 
which you have access. And it provides additional benefits, such as online 
bookmark management and the capability to give someone else "guest" access 
to... 
... physically separated its commercial network from internal networks. 

For Web site security, E-Trade uses Netscape's Secure Commerce Server 
to secure transactions. When clients access its site using Netscape 
Navigator or Microsoft's Internet Explorer, all communications are 
protected through server authentication and data encryption. All users 
are given unique user names and passwords that must be entered each time 
they log on, and the system requires users to enter passwords again when 
placing an order. 

Do investors find. . . 
... DigitalRadar also costs $20 less. 

DigitalRadar 
$30 list 
Connectix 
800/950-5880 
www.connectix.com 
Password Protectors 

It can be tough to keep track of all your passwords for connecting 
to the server at work, using e-mail, and accessing online services . 
Jotting them down on a sticky note you keep pasted to your desk drawer 
isn't the answer. A better idea is using Password Memorizer... 
DigitalRadar also costs $20 less. 
DigitalRadar 
$30 list 
Connectix 
800/950-5880 
www.connectix.com 
Password Protectors 

It can be tough to keep track of all your passwords for connecting 
to the server at work, using e-mail, and accessing online services. 
Jotting them down on a sticky note you keep pasted to your desk drawer 
isn't the answer. A better idea is using Password Memorizer... 
... a proxy server to a standard Web server. Connect Server offers 
authentication, access control, encryption, replication, and management not 
found in standard Web servers. 

Connect Server uses DCE credentials for authentication, with all 
IDs, passwords, and group information stored and managed centrally. 
Access-Control Lists for Web resources are maintained in the Cell 
Directory Service, letting users access multiple Web servers with one set 
of credentials. Kerberos provides a secure method of authentication... 

data and user passwords across TCP/IP, IPX/SPX, and most other
network protocols. Microsoft, in Redmond, Wash., will also integrate SQL
Server's user log-in with Windows NT security services so
administrators can centrally manage all passwords across server 
domains. Pricing for SQL Server 95 has not been announced. 

Oracle earlier this month announced Oracle Secure Network Services, an 
add-on data encryption package for Oracle's SQLNet connectivity... 

ABSTRACT: one-click purchases at merchant stores. Another solution may
come from a startup called EZLogin.com, which aims to make itself into a
kind of single sign-on service for the entire Web. EZLogin
(www.ezlogin.com) stores all of your Web-user names and passwords on
its secure server, and it uses agent technology to automatically fill out
login forms for you.

...TEXT: to be widely accepted anytime soon.

Another solution may come from a startup called EZLogin.com, which aims to
make itself into a kind of single sign-on service for the entire
Web. EZLogin (www.ezlogin.com, naturally) stores all of your Web-user
names and passwords on its secure server, and it uses agent technology
to automatically fill out login forms for you.

The beauty of EZLogin's approach is that it doesn't require merchants or
-triors to install any software. It's not limited to I-commerce sites --
you can use it to log on to almost any password-protected site to
which you have access. And it provides additional benefits, such as online
bookmark management and the capability to give someone else "guest" access

The trail you leave behind

...TEXT: and retain information about who you are and what you do.

For example, "anonymous FTP" is not anonymous. It's a mechanism to let
users access files without each user having their own account and
password. The server asks for your user ID as the "password." Even if
you don't give it, however, the server probably has it already (and
probably is . . .

physically separated its commercial network from internal
networks.

For Web site security, E-Trade uses Netscape's Secure Commerce
Server to secure transactions. When clients access its site using
Netscape Navigator or Microsoft's Internet Explorer, all communications
are protected through server authentication and data encryption. All
users are given unique user names and passwords that must be entered
each time they log on, and the system requires users to enter passwords
again when placing an order.

Do investors find...

... it is for the lender to capture the business.

Countrywide's program, called Platinum Lender Access, allows a bank
that processes a mortgage application to access the Platinum site by
browser to check things like loan status, account history, and interest
rates. Countrywide's secure Web server checks each bank's name,
password, identification number, and other proprietary information so
only authorized data is passed to the bank.

In the past, banks sent fax, telephone, and mail requests... 

... a proxy server to a standard Web server. Connect Server offers
authentication, access control, encryption, replication, and management
not found in standard Web servers.

Connect Server uses DCE credentials for authentication, with all
IDs, passwords, and group information stored and managed centrally.
Access-Control Lists for Web resources are maintained in the Cell
Directory Service, letting users access multiple Web servers with one set
of credentials. Kerberos provides a secure method of authentication...

Text:

... network, Jones says. And AT&T has put security measures in place to
ensure data gets to its destination unscathed. The company has deployed
firewall servers throughout its network, and all IP EDI customers will
use passwords to access the service. AT&T's IP EDI service can offer
considerable savings compared to VAN services that Chicago Rawhide is using
today, says Craig Young, director of electronic commerce at the
manufacturer. The . . .

. . . computers

NC Manager, which includes applets for adding and deleting users and
defining password access to specific information and applications; and
formatting NC Cards with each user's personal identification number
and server connect string that will enable automatic access to their
documents, applications, and information services.

NCI's NC Desktop software, the multimedia system software, which is 
automatically downloaded to individual network computers to enable Java and 
Web-enabled applications and. . . 

ezlogin.com Jump Starts the Internet; Free JumpPage Service Allows Users
to Easily Access All Personalized Web Sites

Business Wire 

Tuesday, May 25, 1999 09:55 EDT 

JOURNAL CODE: BW LANGUAGE: ENGLISH RECORD TYPE: FULLTEXT 
DOCUMENT TYPE: NEWSWIRE 
WORD COUNT: 420

TEXT: 

SAN JOSE, CALIF. (May 25) BUSINESS WIRE -May 25, 1999 - ezlogin.com
today announces the launch of its JumpPage (TM) service which
dramatically improves users' experiences on the Web.

The free service, available on the company's beta site at
www.ezlogin.com, eliminates many of the frustrations that Internet
users face on a daily basis, such as the need to remember multiple user 
names and passwords and the pain of going through repetitive login and 
registration steps. 

For the first time ever, a single click on ezlogin.com's
JumpPage (TM) takes Internet users directly to all their personal Web
sites, registers them to new services, or enables them to surf together
with friends and family from multiple locations. The new service
automates the usual steps required for access, registration, and
sharing of personal Web services.

"As the Web becomes the home of many everyday activities, a top
priority for users is easy access to the sites and services they use on
a recurring basis," said Jean-Noel Lebrun, CEO of ezlogin.com. "Our
secure JumpPage (TM) acts as the master key to instantly unlock personal
information and services."

ezlogin.com is the first JumpPage (TM) service. It provides a
comprehensive solution, including:

One Click Login service stores members' user names and
passwords on ezlogin.com's secure server. Together with a
Web-based bookmark function, it enables users to instantly access
all personal accounts and bookmarks from any computer or Internet
device.

One Click Registration service -- automatically registers users 
to new services. It automatically fills electronic registration 
forms and enables one-click access each time thereafter. Users 
have the ability to store multiple user profiles that disclose 
various levels of personal information and can select from these 
when registering to a new site. 

GroupSurfing -- allows remote users to surf the Web together in 
real-time by opening private or public Surf Rooms on ezlogin.com.
This service is particularly helpful for making group decisions 
such as travel arrangements and gift purchases online. 

The beta site is currently available for review at www.ezlogin.com.

About ezlogin.com

Based in San Jose, Calif., ezlogin.com is the first
JumpPage (TM) service for the Web. Combining superior technology and an
easy-to-use interface, ezlogin.com offers a comprehensive service to
help people access, register, and share personalized Web services with
a high degree of convenience, security and privacy. Public launch of
the site is scheduled in June. For more information please visit us at
www.ezlogin.com.

Note to Editors: ezlogin and JumpPage are registered trademarks
exclusively licensed to ezlogin.com

Beyond the LAN: managing the distributed enterprise. (CA-Unicenter TNG
network management software) (Product Information) 

Pazol, Steve 

. . . network login, an e-mail login, a mainframe login, two to three
mainframe applications' logins, one or more server logins, and one or more
client-server application logins. Each of these systems has different
authentication mechanisms, password expiration policies, sign-on
procedures and user IDs. Each system requires a procedure to change the
user's password, and some systems require their passwords to be in synch.

By implementing Unicenter TNG Single Sign-On by user function,
we were able to let the user sign on with only one user ID and password.
And because we set the Unicenter. . .



18/3, K/2 (Item 2 from file: 275) 

DIALOG (R) File 275:Gale Group Computer DB(TM) 
(c) 2004 The Gale Group. All rts. reserv.

. ':]'->92 SUPPLIER NUMBER: 18842595 (USE FORMAT 7 OR 9 FOR FULL TEXT) 

Microsoft SQL Server 6.5. (one of six database server evaluations in 
"Comparison Summary") (DBMS Server Comparison Supplement) (Software 
Review) (Evaluation) 

Winckler, Cor 

DBMS, v9, n12, pS26(2)

Nov, 1996 

DOCUMENT TYPE: Evaluation ISSN: 1041-5173 LANGUAGE: English 

RECORD TYPE: Fulltext; Abstract 

WORD COUNT: 1966 LINE COUNT: 00158 

. . . Server, you can choose to use standard security, NT integrated
security, or mixed security. Standard security means that each user must be
defined within SQL Server, each with a separate SQL Server password;
thus a user may have two different sets of usernames and passwords, one
for NT and one for SQL Server. With integrated security, the system manager
can map the NT usernames directly to a SQL Server login. A single sign-on
provides access to both Windows NT and SQL Server. Integrated security
can be easier for end users and system managers because fewer usernames and
passwords . . .

Introducing: CriticalWare. APIs and middleware hold all the pieces
together, which is why we should change their name. (System Integration
Tips: ODBC, Borland Database Engine) (Tutorial) (Column)

Data Based Advisor, v13, n1, p132(4)

... DB-Library (if you get it from Microsoft). Oracle's proprietary API
is known as Oracle Call Interface.

Programs written with these APIs can only access a single database
- the one provided by the vendor who wrote the API. This has one big
disadvantage: If you want to support another database server, you have to
rewrite all your database access code from scratch. While hardcore 
developers may not be impressed, I would rather write code that does 
something useful than code that redoes something that someone... 

on Editors' Choice award, new products, network operating system

Edition) (Software Review) (Evaluation)

. . . from your current environment--which is often NetWare these
days--to a new NOS or an upgraded version of the NOS you're running. NT
Server was very impressive, letting us import all user information
except passwords and log-on scripts from the server. LAN Server lacks
these migration tools, but they should be available by the time you read
this. But both provide a gateway service to NetWare servers that allows
clients to access NetWare file and print resources. Surprisingly,
NetWare 4.02 migration tools are limited, moving only NetWare 3.12's 
Bindery information. Like the tools in Windows NT Server, MIGRATE.EXE... 



18/3, K/5 (Item 5 from file: 275)

DIALOG (R) File 275:Gale Group Computer DB(TM)
(c) 2004 The Gale Group. All rts. reserv.

01635717 SUPPLIER NUMBER: 13957019 (USE FORMAT 7 OR 9 FOR FULL TEXT) 

Banyan's ENS brings directory service to NetWare. (Enterprise Network 

... each server must be administered separately. A network manager, for
instance, needs to add a user to server A in order to give that user
access to a corporate database, to server B to grant access to a
personal spreadsheet, and to server C to grant access to a print queue
servicing the department's laser printer. The administrator must set up an
account on each server, granting the appropriate privileges for the user on
that server. Then the user must log in to each server separately
using a password for each one.

ENS reduces the amount of time and effort spent in administrating 
NetWare servers. Service locations can be changed without user impact. ENS 

Banyan's ENS for NetWare improves access to VINES. (Banyan Systems Inc.'s
Enterprise Network Services for NetWare 1.1) (PCWEEK Netweek)

DiCarlo, Lisa

PC Week, v10, n50, pN10(1)

■ n-:.60'l LANGUAGE: ENGLISH RECORD TYPE: FULLTEXT; ABSTRACT 

WORD COUNT: 527 LINE COUNT: 00042

of VINES," Russo said. 

Version 1.1 supports cross-platform file and print functions, 
enabling NetWare users to print to any VINES queue. And a single log-in
providing access to both VINES and NetWare networks saves managers a
great deal of time. Previously, administrators added user names to each 
server and managed each password individually. 

With ENS for NetWare 1.1, Alvin Jones, system engineer with 
Transitions Optical Inc., in Pinellas Park, Fla., estimates that systems 
administration (setting up...



18/3, K/7 (Item 7 from file: 275) 

DIALOG (R) File 275: Gale Group Computer DB(TM)
(c) 2004 The Gale Group. All rts. reserv.

01598455 SUPPLIER NUMBER: 13724350 (USE FORMAT 7 OR 9 FOR FULL TEXT)

The layers of network security. 

Harrison, Bradford T. 

. . . objects on the network, and only authentication is ensured via
Kerberos key distribution. The Computer Associates product builds on the
fundamental Kerberos concept of centralizing all key and password data
on a Generalized server by adding authorization, auditing and other
security features to the centralized security database.

System administrators can establish and implement policy, audit, and 
query the distributed system, controlling and maintaining access to 
protected resources ranging from printers to distributed files. The 
mechanisms build on the ACF2 and Top Secret products that Computer 
Associates has successfully sold for many years... 

. . . very tedious adding a new application to 100

One of the LAN administrator's most sensitive tasks is setting up and
maintaining control of user access to network resources. A system
administrator on any of the major network operating systems can assign
users different access privileges to directories, and sometimes individual
files, on the file server.

Since all systems rely on login passwords as their first line of 
defense, how they protect their password files is an important 
consideration. The system should allow for a system administrator who... 

. . . payment due. The Account Center also allows cardmembers to review
their most recent transactions, including payments, adjustments, and new
purchases since their last statement.

To access the Account Center, cardmembers need Netscape Navigator
(TM) 1.2 or a higher version of the Internet client software. The Netscape
client software encrypts all cardmember information. The Account Center also
has a registration process that provides each customer with a unique
password.

Enterprise/Access: Web Edition is a Web server-based software
solution that allows customers, like UCS, conducting business over the
Internet to access and update existing business applications in a secure
manner without. . .

AT&T Universal Card Service has opened up an Internet connection so
that its card customers can get access to their personal account,
securely accessing information such as available credit, statement balance,
last payment received and minimum payment due. The latest transactions
since a printed statement can also be viewed. The Account Centre also has a
registration process providing each customer with a unique password and
this is backed by secure Netscape server technology.

NEW YORK, USA- AT&T Universal Card Service has opened up an Internet
connection so that its card customers can get access to their personal
account, securely accessing information such as available credit,
statement balance, last payment received and minimum payment due. The
latest transactions since a printed statement can also be viewed. The
Account Centre also has a registration process providing each customer
with a unique password and this is backed by secure Netscape server
technology.

COPYRIGHT 1996 M2 Communications 

... payment due. The Account Center also allows cardmembers to review
their most recent transactions, including payments, adjustments, and new
purchases since their last statement.

To access the Account Center, cardmembers need Netscape Navigator
1.2 or a higher version of the Internet client software. The Netscape
client software encrypts all cardmember information. The Account Center
also has a registration process that provides each customer with a unique
password.

Enterprise/Access: Web Edition is a Web server-based software
solution that allows customers, like UCS, conducting business over the
Internet to access and update existing business applications in a secure
manner without . . .

... payment due. The Account Center also allows cardmembers to review
their most recent transactions, including payments, adjustments, and new
purchases since their last statement.

To access the Account Center, cardmembers need Netscape Navigator
1.2 or a higher version of the Internet client software. The Netscape
client software encrypts all cardmember information. The Account Center
also has a registration process that provides each customer with a unique
password.

Enterprise/Access: Web Edition is a Web server-based software
solution that allows customers, like UCS, conducting business over the
Internet to access and update existing business applications in a secure
manner without . . .

. . . line connection point server, a set of server-side tools, will
enable administrators to configure and customize the front end viewed by
users. The authentication server will handle all password validation
for VPN connections and support industry-standard protocols.

Spencer says that BaseCamp is the logical extension and evolution of
the original Windows NT RAS, which was recently ported to run on Windows NT
Server with Microsoft's Routing and Remote Access Service, formerly
known as Steelhead. Steelhead provided rudimentary virtual private 
networking between branch offices, but BaseCamp will move VPN to the next 
level, extending it to. . . 

. . . valid username and password.

When setting up a peer-to-peer network with Windows 95 (even if you
•i-:^. r.e one Windows 95 system as a server ) security is managed by each 
workstation independently, with each user assigning passwords and
security for shared folders or printers on his or her workstation. Because
of this fact, there is no guarantee that a particular user will have the
same password or rights on all shared workstations in the network. In fact,
when connecting to a shared resource, Windows prompts you only for the
password-there is no checking of the password against a username since only
one password can be assigned to each shared item, with all users entering
the same password.

When using Windows NT Server (if it was installed as a primary 
domain controller, as opposed to a standalone server) it becomes possible 
to set up login names and passwords... 

... indeed adding their own security measures. Graham Silver, senior
consultant of Bell Sygma, the computer systems division of Ontario-based
Bell Canada, uses LiveLink to connect to 13,000 customer service
representatives, as well as posting documents to its Web sites from a
variety of departments.

For intranet use, Silver says that he uses an internal firewall. "We
have secure ID cards for remote dial-in access, plus logon IDs and
passwords," he says. "So when you dial into the server, it has a password
for every user's password, generated automatically. So the numbers have
to match."

For external Web sites, Silver's permissions are set so not every
internal staff member can go through the firewall to post documents. That
capability, plus the SSL security on the servers themselves, and the fact
that no permissions are given to access the network from the Web site,
makes him comfortable enough to keep this site going, he says.

"Before we let people access the network from the Web site, we're 
working . . . 

... A PC version based on the Intel 80486 microprocessor is scheduled
for release in early April, Stockwell said.

Users who protect their data on a server-by-server basis must log
into each server separately with a different password, Passmore
said. However, Mergent International, Rocky Hill, Conn., announced in
January that its PC/DACS for DOS/Windows workstation security product will
offer a single sign-on facility that provides centrally managed,
single password sign-on to workstations, networks, and hosts.

. . . intercepted. An earlier version, the Password Authentication
Protocol (PAP), sends both the username and password in the clear. Token
cards generate a new password for every connection so that intercepted
passwords are useless.

These schemes require an authentication server, which is basically a
database that stores the list of authentic users and their credentials. The
tunnel server communicates with the authentication server using the Remote
Authentication Dial-In User Service (RADIUS) or proprietary protocols. Once
users are authenticated, policies and access controls can be retrieved
from authorization databases. Proprietary protocols are typically used
today for this authorization function, although most vendors are moving
toward the standardized Lightweight Directory Access Protocol (LDAP) as
part . . .

... indeed adding their own security measures. Graham Silver, senior
consultant of Bell Sygma, the computer systems division of Ontario-based
Bell Canada, uses LiveLink to connect to 13,000 customer service
representatives, as well as posting documents to its Web sites from a
variety of departments.

For intranet use, Silver says that he uses an internal firewall. "We
have secure ID cards for remote dial-in access, plus logon IDs and
passwords," he says. "So when you dial into the server, it has a password
for every user's password, generated automatically. So the numbers have
to match."

For external Web sites, Silver's permissions are set so not every
internal staff member can go through the firewall to post documents. That
capability, plus the SSL security on the servers themselves, and the fact
that no permissions are given to access the network from the Web site,
makes him comfortable enough to keep this site going, he says.

"Before we let people access the network from the Web site, we're
working . . .

... software utility developed for distributed networks. It protects
networks consisting of unsecured workstations and moderately secure servers
with a highly secure 'ticket-granting' server for access to multiple
network services. In this scheme, each access session requires a valid
entry 'ticket.'

Kerberos includes three components: a database, an authentication
server or access control system, and a ticket-granting server - all of
which reside on a network server. The database stores all user names
and passwords, the available network services and the encryption keys for
these services.

The authentication server verifies users' identities. The
ticket-granting server generates the electronic 'tickets' that allow users
to communicate with network servers and gain secure access to network
services.

Summary 

* User passwords are building blocks for security systems but 
traditional passwords - as a software-only solution - are inadequate for 
remote access security if used. . . 

... resources (files, printers, etc.) in another trusted domain. Local
groups can contain users and global groups from other trusted domains.
Members of a local group access network resources within the local
group's domain.

Other improvements: Advanced Server is the most secure NOS that
Microsoft has built to date, provided that you use NTFS for all network
disk storage. Advanced Server encrypts all passwords sent across the
wire, including Macintosh users running NT's client software. Network
administrators can monitor network access, either locally or remotely, much
like using . . .

. . . TEXT : Web OpiS

Currently, several schemes provide security for Web communications (see
Figure 2). The HyperText Transport Protocol (HTTP) supports a basic
authentication mechanism for limiting access to specific Web pages.
If a Web server rejects an initial request with the appropriate error
(status code 401), the Web browser is expected to resubmit the request for
the protected Web page with a valid username and password in the HTML
headers. Basic authentication is available in virtually all Web-server
software. Unfortunately, the username-password combination was passed
over the network in an easily intercepted and interpreted form (base64
encoding). The earliest protocols proposed for Web security were SSL and. . .

Rockwell advances enterprise security strategy

...TEXT: corporate TCP/IP network and the Internet with proper security
controls came as a result of demands from executives, salespeople and
engineers asking for greater access to databases, electronic mail and

- :';:. 'r:e i: files . 

Since repeatedly used passwords are easy for hackers to intercept on the
Internet, Rockwell is structuring its security strategy on a
microchip-based card called the dynamic password token. This card generates
a new password every minute, which is checked by an authentication server

However, not all dynamic password authentication servers support
multiple types of dial-up access or provide support for the Cisco Systems,
Inc. communications products used by Rockwell. And not all network
firewalls . . .

...TEXT: network managers. It can keep the net safe from outside intruders
with features such as dialback (with password protection), user-selectable
and predefined telephone numbers, logon time restrictions, resource
usage limitations and logon passwords.

However, remote users and network managers must be aware of one potential
threat to network security -- unauthorized use of a remote workstation.
Some remote users save all their settings, including passwords, for
automatic connection to the WinView server. Should they gain access to
one of these remote workstations, unauthorized users can wreak havoc. 
Although Citrix does not provide a safeguard on the server... 

...TEXT: maintains a database of all user locations, identities and
: : ^*~vvrrr:s, and controls access rights to domain resources. If the
controller goes down, users have difficulty accessing resources. LAN
3.01 provides for replication of that database to a backup
controller so OS/2 and DOS clients can access resources in their domain
even if the primary controller is down.

The second domain improvement speeds up the process by which a new user 
password is accepted by every server within the domain. User passwords 
are changed first on the server local to the client and are then 
immediately changed in the domain controller database. However, there is a 
time lapse before the new password can... 

...TEXT: resources (files, printers, etc.) in another trusted domain. Local
groups can contain users and global groups from other trusted domains.
Members of a local group access network resources within the local
group's domain.

Other improvements: Advanced Server is the most secure NOS that Microsoft
has built to date, provided that you use NTFS for all network disk
storage. Advanced Server encrypts all passwords sent across the wire,
including Macintosh users running NT's client software. Network
administrators can monitor network access, either locally or remotely, much

...TEXT: a server, a user name must be entered into the server's user
definition list. (NET/30 creates a default user, called Everyone, during
installation.) Each user can be given a password and the server's
owner can add a brief comment about the user. Users can be added to groups
and groups can be given passwords.

Once NET/30's installed, all users have immediate access to every server
through the Everyone log-in. NET/30 then lets you limit user and group's
access rights to the server resources. Both users and groups can be
restricted to using "short names" for resources or denied access to 
selected short names. They can be prevented from... 

Screening Out Paper - The paperless office isn't here yet, but Web-based
document management takes us a step closer.

... indeed adding their own security measures. Graham Silver, senior
consultant of Bell Sygma, the computer systems division of Ontario-based
Bell Canada, uses LiveLink to connect to 13,000 customer service
representatives, as well as posting documents to its Web sites from a
variety of departments.

For intranet use, Silver says that he uses an internal firewall. "We
have secure ID cards for remote dial-in access, plus logon IDs and
passwords," he says. "So when you dial into the server, it has a
password for every user's password, generated automatically. So the
numbers have to match."

For external Web sites, Silver's permissions are set so not every
internal staff member can go through the firewall to post documents. That
capability, plus the SSL security on the servers themselves, and the fact
that no permissions are given to access the network from the Web site,
makes him comfortable enough to keep this site going, he says.

"Before we let people access the network from the Web site, we're 
working . . . 

This month, I'm going to talk about computer security issues. (Windows at 

... both from an end-user perspective (generally the user has only one 
password to validate his or her entry to the system and then gets access 
to all the resources automatically) and for administrators (there's a 
single systemwide database of user accounts). 

Neither of these approaches, however, deals with one critical level 
of security - that involving the system console (the screen and keyboard on 
the network server). Generally, the console has no security at all, or 
just a simple log-on password that grants complete access to the 
system - so anyone at the console can do anything he or she wants. That's 
obviously dangerous, so the... 

... A PC version based on the Intel 80486 microprocessor is scheduled 
for release in early April, Stockwell said. 

Users who protect their data on a server-by-server basis must log 
into each server separately with a different password, Passmore 
However, Mergent International, Rocky Hill, Conn., announced in 
January that its PC/DACS for DOS/Windows workstation security product 
will offer a single sign-on facility that provides centrally managed, 
single password sign-on to workstations, networks, and hosts. 

Text: 

... of departmental Web applications, for example, was one factor leading 
to Federal Express Corp.'s decision to embrace digital certificates. "If 
you start putting up all these Web servers, managing passwords and 
IDs quickly becomes untenable," says Thomas Buss, senior manager of 
enterprise data protection at FedEx in Memphis, Tenn. FedEx's ultimate goal 
is a single sign-on, says Buss, who along with other security experts 
participated in a roundtable discussion at Entrust Technologies, Ltd.'s 
SecureSummit '98 in Chicago. At BellSouth... 



